With JumpCloud's Software Management Private Repository, you can upload and install Windows and Apple software application files through an intuitive and frictionless interface. With this feature, you don't have to host custom applications yourself or depend on third-party solutions.
Benefits of the JumpCloud Private Repository include:
- Control the files you deploy to your endpoints
- Eliminate the time and expense involved in setting up and maintaining your own hosting solution
- Control which applications gets installed where, without having to rely on public application repositories
Considerations:
- The following file types are supported:
- MSI (Windows)
- PKG (Apple macOS) and IPA (iOS and iPadOS)
- Storage (total across entire repository) is limited to 10GB.
- Egress (data consumed from the repository) is limited to 10GB per licensed user per month.
- Maximum allowable application size is 5GB.
- If the application uploaded to Software Management is already present on bound devices, the custom application automatically installs the version you uploaded based on its bundle ID.
Prerequisites:
- Requires Windows MDM for MSI deployments.
- Requires Apple MDM for PKG and IPA deployments.
- Packages must include valid, signed certifications.
Known Issues:
- Windows:
- When unbinding a device from within the application's Devices tab, the status reverts to Install Pending. For the time being, we don't recommend unbinding to remove a custom app from a device. Workaround: Manually uninstall the application from the device.
- When adding a command line to an existing application's configuration, the save button is disabled. Workaround: Change the name of the application to enable the save button.
- All OSes - Depending on your screen size, the application page's Devices tab may not paginate correctly. Workaround: Resize your screen or use search/filter to find specific devices.
Uploading and Validating Application Files
Windows Custom Application
These steps walk you through uploading and validating an application file for Windows devices. You can also configure Windows applications with command line options before installing them.
- In the Admin Portal, go to DEVICE MANAGEMENT > Software Management > Windows.
- Click (+).
- Select JumpCloud Private Repo. A New Custom App panel opens.
To learn about other ways to manage Windows software, see Get Started: Software Management.
- Under Application Details, enter the Application Name.
- (Optional) Under Deployment Configurations, enter any desired installer flags, such as /quiet or others.
With all inputs, the msiexec /i command is implied and not needed.
- Under Upload File, drag and drop a file to the upload area or click Choose a File to browse for a file. Only MSI file types are supported for Windows devices.
- Click Upload. An upload progress bar appears and you will see a File uploaded successfully message.
- As the file is being processed, you will see a message: Your application request is still processing. Once the processing is complete, you will be able to associate devices.
- When this message disappears, you can bind and install the applications on specific devices or device groups. See Binding and Installing Applications on Devices or Device Groups.
Apple Custom Application
Apple custom application deployment supports both PKG and IPA files, but compatibility depends on the device type:
- PKG files are supported on macOS devices only.
- IPA files are supported on iOS and iPadOS devices only.
These steps walk you through uploading and validating an application file on Apple devices.
- In the Admin Portal, go to DEVICE MANAGEMENT > Software Management > Apple.
- Click (+) to add a new managed software app.
- Select JumpCloud Private Repo. A New Custom App panel opens.
To learn about other ways to manage software on Apple devices, see Get Started: Software Management.
- Under Application Details, enter the Application Name.
- Under Upload File, drag and drop a file to the upload area or click Choose a File to browse for a file. Only PKG and IPA file types are supported for Apple devices.
- Click Upload. An upload progress bar appears and you will see a File uploaded successfully message.
- As the file is being processed, you will see a message: Your application request is still processing. Once the processing is complete, you will be able to associate devices.
- When this message disappears, you can bind and install the application on specific devices or device groups. See Binding and Installing Applications on Devices or Device Groups.
Resolving Upload or Validation Failures
Upload Failures
When a software upload fails, a message appears on the Details tab: "The file upload failed. Please delete this instance and try again." To proceed, click Delete to remove the application instance and follow the upload process again.
Validation Failures
Failed validation is only displayed by clicking in to the application details from the Software Management list.
When a package upload can't be validated, a message appears in the Details tab of the newly created application. To proceed, click Delete to remove the application instance and start the upload process again.
This error may indicate that the file has not been digitally signed by the vendor of the application. Contact the vendor for a digitally signed file.
To check the digital signature:
- Right-click on the .msi file, then click Properties > Digital Signatures. If the file is signed, you should see the name of the signer. Click Details to view more information about the certificate:
- Check the certificate details to ensure that it was issued by a trusted Certificate Authority (CA).
- Verify that the certificate has not expired. If the certificate has expired, it may indicate that the .msi package is not trustworthy.
- Ensure that the publisher information matches the expected publisher of the .msi package. If the publisher information is unfamiliar or does not match, the package may not be valid.
Binding and Installing Applications on Devices or Device Groups
If you are adding a new managed software application, you have the option to bind and install the application directly after uploading it.
- In the Admin Portal, go to DEVICE MANAGEMENT > Software Management.
- Choose the appropriate OS tab and find the application you want to bind or unbind.
- Click to open the managed application details.
- From the Devices tab, select the devices where you want to install the software.
- Click the Device Groups tab and select the device groups where you want to bind the application. The application will be installed on all devices within the group with an eligible OS for that application type.
- To unbind device groups, select Show bound device groups to see the groups where the application is currently bound, then clear the selection next to groups you want to unbind. Unbinding software from a device group will remove bindings for all devices within the group.
- Unbinding a managed software instance from devices and/or device groups does not uninstall the application from those devices.
If the device group has dynamic membership controls, be aware that devices will be added and/or removed in the future based on the rule-based attributes of the group. See Configure Dynamic Device Groups for more information. Further, it is not possible to remove individual bound device(s) from a dynamic group within Software Management, as the device will be re-enrolled into the device group if it still meets the rule-based attributes associated with the group. You will need to unbind the device from the dynamic group under Device Groups first.
- When you are finished selecting the devices and device groups where you want the application to be installed, click Save & Install. A Managed Software Associations confirmation appears.
- Click Save & Install to proceed with the software installation. A success message indicates whether the installation was successful.
- MSI packages are downloaded to C:\Windows\System32\config\systemprofile\AppData\Local\mdm and installed on the device at C:\Program Files\.
Viewing the Status of Managed Software
- From the managed application details screen, click the Status tab to see the status of the application, including all devices where the application is bound, and the installation status.
- For Windows devices:
- Install Failed: Installation failed on the device. Action is required.
- Click Retry to initiate a retry installation on a single device.
- Install Success: Installation succeeded and the application is now managed by JumpCloud on the device. No action is required.
- Install Pending: Installation is in progress on the device. No action is currently required.
- Install Failed: Installation failed on the device. Action is required.
- For Apple devices:
- Command Failed: Installation failed on the device. Action is required.
- Click Retry to initiate a retry installation on a single device.
- Command Sent: The install command was sent successfully, but we cannot confirm the device has installed the application.
- Install Pending: Installation is in progress on the device. No action is currently required.
- Command Failed: Installation failed on the device. Action is required.
- For Windows devices:
- Click View to see installation results specific to the individual device, including versioning information for the application and expanded status details.
Deleting Managed Software Configurations
Deleting a managed software instance from devices and/or device groups does not uninstall the application from those devices.
To delete managed software:
- In the Admin Portal, go to DEVICE MANAGEMENT > Software Management.
- Choose the appropriate OS tab and select the application you want to delete.
- Click Delete. A confirmation modal appears.
- For managed Apple software packages, if you’re removing more than one app, enter the total number of app packages to be deleted.
- Click Delete App(s).
- For managed Windows software packages, click delete.
- The application is no longer managed by JumpCloud. Note this does not uninstall the application from any bound devices.
Troubleshooting
Cause:
The install could fail for many reasons, such as:
- Installer is not compatible with Windows version
- Application is already installed at a greater version and a downgrade is not allowed
- Another application install is in progress or stuck
- Network connectivity issue
Resolution:
Some failures can recover with a retry, but some will not. Microsoft MDM cannot distinguish between the failures by the status Windows sends, so it continues to retry. Windows will try to install apps three times before sending a failure status to Microsoft MDM. After this status is sent, Microsoft MDM will send a failed status to the relevant devices and schedule the application install to retry in 24 hours.
A hosted Windows application may appear to install successfully in the Admin Portal, but the application isn't present on the user's device. This can occur with applications that install directly to a user's local profile, as MDM commands run as the System user account.
When the installation runs, the application is installed to the System user's profile:
C:\Windows\System32\config\systemprofile\AppData
The application's final location can vary, but most will install to the AppData\Local folder within the relevant user profile.
Symptoms
A software application assigned to a device receives a successful installation message, but after inspecting the device, the application is not present in the user's profile or installed programs list.
Resolution
Since MDM commands do not currently support installation in the user context, a workaround is to use a JumpCloud command to install the application:
- Use the Run as User command template to install the application in the end user's context.
- See Creating a Command from a Template to learn how to create the command.
- The end user may need temporary elevated privileges (e.g., local administrator rights) to install the software.